package com.fwtai.pay.wechat.util;

import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public final class AesUtil {

  private static final String TRANSFORMATION = "AES/GCM/NoPadding";

  private static final int KEY_LENGTH_BYTE = 32;
  private static final int TAG_LENGTH_BIT = 128;

  private final byte[] aesKey;

  /**无效的ApiV3Key*/
  public AesUtil(final byte[] key) {
    if (key.length != KEY_LENGTH_BYTE) {
      throw new IllegalArgumentException("无效的ApiV3Key，长度必须为32个字节");
    }
    this.aesKey = key;
  }

  public String decryptToString(final byte[] associatedData,final byte[] nonce,final String ciphertext)
    throws GeneralSecurityException {
    try {
      final SecretKeySpec key = new SecretKeySpec(aesKey, "AES");
      final GCMParameterSpec spec = new GCMParameterSpec(TAG_LENGTH_BIT, nonce);
      final Cipher cipher = Cipher.getInstance(TRANSFORMATION);
      cipher.init(Cipher.DECRYPT_MODE, key, spec);
      cipher.updateAAD(associatedData);
      return new String(cipher.doFinal(Base64.getDecoder().decode(ciphertext)), StandardCharsets.UTF_8);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
      throw new IllegalStateException(e);
    } catch (InvalidKeyException | InvalidAlgorithmParameterException e) {
      throw new IllegalArgumentException(e);
    }
  }
}